---
- import_tasks: "mount_fs.yml"

- name: register security context for pgsql directory
  command: "ls -dZ /var/lib/pgsql"
  register: pgsql_ls
  changed_when: False  # `ls' command is not changing anything

- name: update selinux context for postgress db dir if it's wrong
  command: "restorecon -vvRF /var/lib/pgsql"
  when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in  pgsql_ls.stdout

- name: install daily custom copr-frontend-crontab
  copy: src=cron.daily/copr-frontend-optional dest=/etc/cron.daily/
        mode=0755
  tags: [cron_tasks]

- name: install hourly custom copr-frontend-crontab
  copy: src=cron.hourly/copr-frontend-optional dest=/etc/cron.hourly/
        mode=0755
  tags: [cron_tasks]

- name: install copr-frontend and copr-selinux
  dnf:
    state: present
    name:
      - copr-frontend
      - copr-selinux
  tags:
  - packages

- name: Configure cron job for generating prometheus metrics hourly
  cron:
    name: "generating prometheus metrics"
    user: root
    minute: 0
    job: "/usr/bin/python3 /usr/bin/monitoring.py && mv -f /var/lib/prometheus/node-exporter/copr_cdn_status.prom.new /var/lib/prometheus/node-exporter/copr_cdn_status.prom && mv -f /var/lib/prometheus/node-exporter/copr_ping_status.prom.new /var/lib/prometheus/node-exporter/copr_ping_status.prom"
  tags:
  - cron_tasks

- name: Deploy the prometheus monitoring script
  copy:
    src: monitoring.py
    dest: /usr/bin/monitoring.py
    mode: 0750
    owner: root
    group: root
  tags:
  - cron_tasks

  # we install python-alembic because https://bugzilla.redhat.com/show_bug.cgi?id=1536058
- name: install additional pkgs for copr-frontend
  dnf:
    state: present
    pkg:
      - "bash-completion"
      - "mod_ssl"
      - redis
      - pxz
      - python3-alembic
      - mod_auth_gssapi
      - nagios-plugins-http
      - python3-prometheus_client
      - python3-beautifulsoup4
  tags:
  - packages

#- name: patch for issue XXX
#  patch: src=patches/xxx.patch
#         dest=/the/patched/file.py
#  tags: patches

- name: directory for postgresql dumps
  file: state=directory path=/var/www/html/db_dumps/
        owner=copr-fe mode=755

- name: install copr configs
  template: src="copr.conf" dest=/etc/copr/copr.conf mode=600
  notify:
  - reload httpd
  - restart copr-fe-fedora-messaging-reader
  tags:
  - config
  - copr_infrastructure_password

- name: install config for 'copr-frontend chroots-template'
  copy: src="chroots.conf" dest=/etc/copr/chroots.conf mode=600
        owner=copr-fe group=copr-fe
  register: chroots_conf_installed
  tags:
  - config
  - chroots_config

- name: apply the config comments
  command: copr-frontend chroots-template
  become: yes
  become_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/
  when: chroots_conf_installed.changed
  tags:
  - config
  - chroots_config

- name: enable and start redis  # TODO: .service in copr-backend should depend on redis
  service: name=redis enabled=yes state=started
  when: not services_disabled|bool

# This was state=yes for https://bugzilla.redhat.com/show_bug.cgi?id=1535689 for
# some time, and since requests were fixed we want it the other way around
# again.
- name: Dis-alllow execmem for Apache
  seboolean:
    name: httpd_execmem
    state: no
    persistent: yes

- import_tasks: "psql_setup.yml"

- name: upgrade db to head
  command: alembic-3 upgrade head
  become: yes
  become_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/
  register: alembic_result
  changed_when: alembic_result.stdout is search("Running upgrade")

- name: install letsencrypt ssl certificates for dev
  include_role: name=copr/certbot
  tags:
  - config
  - certbot

- import_tasks: "httpd.yml"

- name: enable services
  service: state=started enabled=yes name={{ item }}
  with_items:
  - httpd
  - crond
  when: not services_disabled|bool

- name: set dev banner for dev instance
  when: devel|bool
  copy: src=banner-include.html dest=/var/lib/copr/

- name: disallow robots on dev instance
  when: devel|bool
  copy: src=robots.txt dest=/var/www/html/


- name: register whether indexes rebuild is required
  command: copr-frontend update_indexes_required
  become: yes
  become_user: copr-fe
  register: update_indexes_required_result
  changed_when: False
  failed_when: False

- name: rebuild indexes
  command: ./manage.py update_indexes
  become: yes
  become_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/
  when: update_indexes_required_result.rc != 0

- name: make sure /etc/fedora-messaging directory exists
  file: path=/etc/fedora-messaging state=directory

- name: install fedora messaging config for Copr
  template: src="fedora-messaging/copr_messaging.toml" dest="/etc/fedora-messaging/copr_messaging.toml"
  notify:
  - restart copr-fe-fedora-messaging-reader
  tags:
  - config

- name: detect copr-frontend version
  package_facts: manager=auto

- name: install custom systemd service files
  copy: src=systemd dest=/etc
  notify:
  - reload httpd

- name: compress rotated httpd logs
  copy: src="httpd.logrotate" dest="/etc/logrotate.d/httpd"
  tags: [logrotate_tasks]

- name: start logrotate service
  service: name=logrotate.timer state=started enabled=yes
  when: not services_disabled|bool

- name: start fm-consumer service
  service: state=started enabled=yes name="fm-consumer@copr_messaging"
  when:
  - not services_disabled|bool

- name: install bash_profile file to ease some admin tasks
  copy:
    content: |
      export PGUSER=copr-fe
      export PGDATABASE=coprdb
    dest: "{{ copr_fe_homedir }}/.bash_profile"

- name: restart node exporter
  service: state=restarted enabled=yes name=node_exporter

- name: configure options in node exporter
  lineinfile:
    path: /etc/default/prometheus-node-exporter
    regexp: '^ARGS='
    line: 'ARGS=--collector.textfile.directory="/var/lib/prometheus/node-exporter" --collector.systemd'
    backrefs: yes
  notify: restart node_exporter

- name: install nrpe
  dnf: name=nrpe state=present

- name: install the check script
  template:
    dest: "/usr/bin/copr-cdn-check.py"
    src: "copr-cdn-check.py.j2"
    group: "nagios"
    mode: 0750
  vars:
    api_key: "{{ copr_uptimerobot_api_key_ro | default('not-configured') }}"
  tags: copr_cdn
